Sites shut down after hack on Fasthosts

The UK’s largest web hosting firm, Fasthosts, has temporarily shut down some of its customers' websites – hundreds of sites are reportedly affected – following a hacking attack on its database.

Leo King
December 6, 2007

The database contains the financial details, email addresses and passwords of over a million businesses for which Fasthosts hosts websites. Whether or how the thieves have used the stolen data is not yet known.

On 29 November Fasthosts had to forcibly shut down a number of its customers’ websites and send them new control panel and FTP passwords by post. This happened after some companies failed to change their passwords when the web hosting firm advised them it had discovered a network intrusion on one of its servers.

The firm still has to reset unchanged email passwords, which it has advised customers it will do on 13 December.

The company said in a statement that it carried out a system-wide external security audit and that the password reset had been urgent because “a very small number of customers who did not change their passwords had experienced a compromise to their FTP space”.

Commentators have suggested that those Fasthosts customers lost vital custom in the run-up to Christmas, as their websites were inactive until they received their new passwords by post.

Sal Viveros, an analyst at security firm McAfee, said it was “not a small-scale attack by any stretch of the imagination” and that the hackers could have accessed the entire database. Confidence in web hosting firms as a whole would be much lower as a result of this incident, he said.

McAfee advised companies worried about the fallout of the attack to take the following security measures: update their anti-virus and anti-spyware software, install personal firewalls, regularly install update patches, avoid opening email attachments from unrecognised sources, choose an internet service provider that offers email and content filtering, and change passwords regularly.